Jamie Wilkinson wrote:

> This one time, at band camp, Andy Eager said:
> 
>>   a)   Periodically, examine all running tasks.
>>   b)   For each task, do an 'rpm --verify' for the package that this 
>> process belongs to.
> 
> 
> How about a virus that renames itself to 'ls', you check the process list
> and verify that ls is in the package database.
> 
If a virus did copy something over ls, it would be caught as follows:

   rpm -qif `which ls`     would return the package name fileutils
   rpm --verify fileutils  would show that ls had been modified.

I'm sure there are reasons why my idea is oversimplistic, but this would 
not be one of them.

In addition, it seems to me that the rpm --verify option (or its 
alternative) is free and not a bad thing to do on executables every now 
and again anyway.


Regards,

Andrew Eager.


-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
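
The periodic check proposed in this thread, as an added shell example that is not part of the original message: it resolves each process through /proc/PID/exe rather than by its name, so a program merely calling itself 'ls' shows up as unowned and a replaced /bin/ls shows up as modified. The names classify_exe, audit_running and PROC_ROOT are hypothetical.

```shell
#!/bin/sh
# Added example: verify the executable behind every running process against
# the RPM database. PROC_ROOT is a hypothetical knob for pointing at a test tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# classify_exe PATH prints: OK <pkg> | MODIFIED <pkg> | UNOWNED | DELETED
classify_exe() {
    exe=$1
    case "$exe" in
        # The kernel appends this suffix when the on-disk file was unlinked.
        *" (deleted)") echo "DELETED"; return ;;
    esac
    # rpm -qf maps a path to its owning package and fails for unowned files.
    pkg=$(rpm -qf "$exe" 2>/dev/null) || { echo "UNOWNED"; return; }
    pkg=$(printf '%s\n' "$pkg" | head -n 1)
    # rpm -V exits non-zero when anything differs, so keep only its output.
    changed=$(rpm -V "$pkg" 2>/dev/null) || true
    # Each report line ends with the path; match it exactly (not /bin/lsblk).
    if printf '%s\n' "$changed" | awk -v f="$exe" '$NF == f { hit = 1 } END { exit !hit }'; then
        echo "MODIFIED $pkg"
    else
        echo "OK $pkg"
    fi
}

# audit_running prints "STATUS<TAB>PID<TAB>PATH" for each process.
audit_running() {
    for link in "$PROC_ROOT"/[0-9]*/exe; do
        # Kernel threads and processes we may not inspect have no readable link.
        exe=$(readlink "$link" 2>/dev/null) || continue
        pid=${link%/exe}
        pid=${pid##*/}
        printf '%s\t%s\t%s\n' "$(classify_exe "$exe")" "$pid" "$exe"
    done
}

# Typical use, as root:  audit_running | grep -v '^OK'
```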
